The purpose of this Policy is to inform about how SECONDWIND Capital processes personal data. The processing of personal data means the saving, sharing, sending and other use of such data. SECONDWIND seeks to: (a) ensure the security and confidentiality of personal data; (b) protect against any anticipated threats or hazards to the security or integrity of such personal data; and (c) protect against unauthorized access to or use of such data.
The scope of this policy is limited to personal data. Personal data is any information relating to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Examples: address, credit card number, identity document, photos, bank statements, and bank account numbers (not limitative).
1.3 Guidance Principles
SECONDWIND follows the following principles:
SECONDWIND shall maintain the confidentiality of personal data acquired. SECONDWIND shall not disclose this information to other persons inside or outside SECONDWIND, except to persons who have a bona-fide business need to know the information in order to serve the business purposes of SECONDWIND and in accordance with this Policy.
- Collecting personal data
SECONDWIND collects personal information in the course of its business, as part of its business contacts and when a person engages in a (potential) business relationship with SECONDWIND. Personal data may only be collected when a person has given its consent, and for the explicit and legitimate purposes known to the individual involved.
The personal information that SECONDWIND processes includes:
- Basic information, such as (full) name(s), the company a person works for, title or position;
- Contact information, such as postal address, email address and phone number(s);
- Financial information, such as payment-related information;
- Identification and background information provided by a person;
- Any other information which a person may provide to SECONDWIND.
- Processing personal data
Personal data shall only be processed when there are explicit and legitimate purposes for doing so, such as the performance of a contract or compliance with legal and regulatory obligations. Where necessary, personal information may be shared with regulatory authorities, courts, government agencies and law enforcement agencies to comply with legal or regulatory requirements. SECONDWIND will use its reasonable endeavours to notify the individual involved in advance, unless SECONDWIND is legally restricted from doing so.
SECONDWIND does not sell or otherwise make personal information commercially available to any third party.
- Retention and Old data
Personal data are held in accordance with SECONDWIND’s Record Retention Policy, which specifies the appropriate retention period for various categories of data. Those periods are based on the requirements of applicable data protection laws and the purpose for which the information is collected and used, taking into account legal and regulatory requirements to retain the information for a minimum period, good practice and SECONDWIND’s business purposes. Personal data that are no longer required to be maintained are shredded.
- Information systems
SECONDWIND’s information systems, including hardware, software and network components and design, are established and maintained in order to protect and preserve personal data from unauthorised access, use, disclosure, alteration or destruction consistent with applicable data protection laws.
- Passwords and access
Personal data are maintained, to the extent possible, in computer files that are protected against access by means of a password system or are otherwise secured against unauthorized access. Access to certain databases and files may be given only to persons who have a bona-fide business need to access such information.
- System failures
SECONDWIND maintains appropriate programs and controls (which may include anti-virus protection and firewalls) to detect, prevent and respond to attacks, intrusions or other systems failures.
- Incident Reporting
In case of any incident regarding personal data, such as identity theft, hacking, loss of personal data or wrongly addressed material e-mails, also referred to as a data leakage (datalek) SECONDWIND and, if legally required, the Authority for the Protection of Personal Data (Autoriteit Persoonsgegevens) and the personal data shall be informed promptly.
- Rights of data subjects
The European Union’s General Data Protection Regulation and other applicable data protection laws provide the following rights for data subjects:
- A person is entitled to request details of the information SECONDWIND holds about him/her and how SECONDWIND processes it;
- A person may also have a right in accordance with applicable data protection law to have its personal information rectified or deleted, to restrict the processing of that information, to stop unauthorised transfers of the personal information to a third party and, in some circumstances, to have personal information transferred to another organisation;
- A person may also have the right to lodge a complaint in relation to SECONDWIND’s processing of a person’s personal information with a local supervisory authority; and
- A person may request SECONDWIND that any personal data that SECONDWIND holds of him/her will be shredded or removed; when this is not possible or when it is unlawful to do so, this will be clearly explained (“right to erasure, right to be forgotten”).
Contact e-mail address: firstname.lastname@example.org